Custom Configuration File

SafeHouse can read a custom configuration file that you create. The file
contains special commands and options that further shape the behavior of
the SafeHouse software. The file must be named CONFIG.INI and it should be
located in the SafeHouse program files directory.

This CONFIG.INI file is completely optional. Most people will never
need this special file; however, it is frequently used in corporate deployments
where it is often desirable to establish standards and policies to make
sure everyone is using the product in a defined way.

You will not find this CONFIG.INI file
in your SafeHouse programs folder after installing the standard product.
If you decide to use this feature, you should create this file using a
simple text editor such as Windows NOTEPAD. Do not use a word processor
such as Microsoft Word to create this file since word processors insert
document formatting information which won't be correctly interpreted by
Windows.

The format of this INI file conforms to the standard format for any
typical Windows INI file.

The custom configuration file allows you to:

Preset popular command line options for the various
SafeHouse utilities and wizards.

Restrict the encryption methods used for creating
new SafeHouse volumes.

Establish password policies for volumes and smartcards.

Set preferences with regard to the location of
SafeHouse volumes.

NOTE: The SafeHouse Deployment Wizard can create this file for you. At
your option, it will display a series of wizard pages explaining each
feature and prompting for your preference. It will then package your
customized CONFIG.INI file into the custom SafeHouse installer and deploy
it along with the rest of the SafeHouse files.

Presetting Utility Command Options

If you find yourself using the same SafeHouse utility command line options
over and over again, you may find it convenient to put those options into
a custom configuration file, which has the same effect as having specified
those identical options directly when invoking the respective utility.

Many of the utility programs included with SafeHouse will check for
the existence of CONFIG.INI in the same directory as the utility is
run from, which is typically the C:\Program Files\SafeHouse folder. If
this file is found, the utility will look for a [section] which has the
same name as the utility and retrieve initial values for any specified
parameters.

For example, SDWCREAT.EXE will look for the section named [SDWCREAT]
and SDWMAP32.EXE will look for a section named [SDWMAP32].

Parameters specified on the command line override any potential CONFIG.INI
settings for the same option.

Individual parameters have names identical to their command-line equivalents
without the leading slash.

Example CONFIG.INI Section:

This example sets the length for volume passwords, which is equivalent
to having specified /Minpassword=8 and /Maxpassword=32 on the command
line.

[SDWCREAT]

Minpassword=8

Maxpassword=32
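
The lookup described above, modeled in Python as an added example (this is not SafeHouse code): the section is chosen from the utility's file name, keys are the switch names without the leading slash, and switches given on the command line replace CONFIG.INI values. The function name, the sample file contents and the case-insensitive matching of section and key names are assumptions of this example.

```python
import configparser
from pathlib import PureWindowsPath

# Constructed sample CONFIG.INI using the section and keys shown on this page.
SAMPLE_INI = """\
[SDWCREAT]
Minpassword=8
Maxpassword=32
"""

def effective_options(utility_path, argv, ini_text):
    """Return {option: (value, source)} for one utility invocation."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    # SDWCREAT.EXE -> [SDWCREAT]. Case-insensitive comparison is an
    # assumption, chosen to match typical Windows INI handling.
    wanted = PureWindowsPath(utility_path).stem.upper()
    options = {}
    for section in parser.sections():
        if section.upper() == wanted:
            # configparser lowercases key names by default.
            for key, value in parser[section].items():
                options[key] = (value, "CONFIG.INI")
    # Command-line switches override presets for the same option.
    for arg in argv:
        if not arg.startswith("/"):
            continue  # positional argument, not a switch
        name, _, value = arg[1:].partition("=")
        options[name.lower()] = (value, "command line")
    return options

if __name__ == "__main__":
    exe = r"C:\Program Files\SafeHouse\SDWCREAT.EXE"
    for name, (value, source) in effective_options(
            exe, ["/Minpassword=12"], SAMPLE_INI).items():
        print(f"{name}={value}  (from {source})")
```

Because the command line takes precedence, values preset in a utility section behave as defaults for that utility rather than as fixed limits.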

Utilities Supporting this Feature:

The following SafeHouse utilities support using this custom configuration
file.

Restricting Available Encryption Methods

Professional Edition Only

It is often desirable in corporate environments to restrict the use
of certain encryption algorithms. You can prevent one or more encryption
algorithms from appearing in the create volume wizard encryption selection
list by creating a section named [ENCRYPTION] in your CONFIG.INI file
and including a reference for each algorithm that should not be presented
to the user as an available choice.

The following encryption identifiers can be specified in the [ENCRYPTION]
section. Their respective values can be set to 1 to allow them, which
is the default, or to 0 to hide them.

2F256

BF448

AES128

AES256

DES

TDES168

NONE

See Encryption for descriptions of the encryption methods supported by
SafeHouse.

Note also that SafeHouse will only display the wizard page showing
encryption options when users choose to see the advanced options for
creating new volumes. This choice is made by checking a box on the first
page of the create volume wizard.

Example CONFIG.INI Section:

Adding the following lines to your custom CONFIG.INI file will hide
the DES, Triple DES and NONE encryption methods from users when using
the Create Volume wizard. The other methods will default to being set
to 1 and will therefore remain enabled.

[ENCRYPTION]

DES=0

TDES168=0

NONE=0

Setting Password Policies

Professional Edition Only

SafeHouse has always supported password length range limits; however,
we've also started to receive requests to support additional rules relating
to the passwords that can be chosen by users. If you wish to enforce a
specific password policy, the options presented below will allow you to
specify a variety of simple rules.

Any rule not included in your CONFIG.INI file will default to using
a value of 0 for the minimum length of the respective setting.

These rules will be enforced whenever users have an opportunity within
SafeHouse to choose a SafeHouse volume password, such as when they create
a new volume or change the password of an existing volume.

The PasswordHelp parameter allows you to craft a simple message explaining
your password policy. This text will be displayed in an error dialog when
users attempt to choose a password that does not conform to your established
rules.

Example CONFIG.INI Section:

[GLOBAL]

PasswordMinDigits=2

PasswordMinSymbols=1

PasswordMinUppercase=2

PasswordMinLowercase=0

PasswordHelp=Passwords must include at least 2 digits, 1 punctuation symbol and two upper case letters.
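
A pre-deployment check for the [ENCRYPTION] and password policy sections described above, given as an added example (it is not part of SafeHouse). Since every identifier defaults to 1, a misspelled key hides nothing, so the check flags identifiers that are not in the documented list. The function name, the sample file and the choice of which methods a site wants hidden (MUST_HIDE) are assumptions.

```python
import configparser
import re

# Identifiers and rule names exactly as listed on this page.
KNOWN_CIPHERS = {"2F256", "BF448", "AES128", "AES256", "DES", "TDES168", "NONE"}
# Local policy (assumption): hide what the page's own example hides.
MUST_HIDE = {"DES", "TDES168", "NONE"}
POLICY_KEYS = ("PasswordMinDigits", "PasswordMinSymbols",
               "PasswordMinUppercase", "PasswordMinLowercase")

# Constructed sample: misspelled identifier, non-numeric rule, no PasswordHelp.
SAMPLE_INI = """\
[ENCRYPTION]
DES=0
TDES=0
NONE=0
[GLOBAL]
PasswordMinDigits=2
PasswordMinSymbols=one
"""

def lint_config(ini_text):
    """Return a list of findings for a CONFIG.INI supplied as text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key case as written for the messages
    parser.read_string(ini_text)
    findings = []
    enc = dict(parser["ENCRYPTION"]) if parser.has_section("ENCRYPTION") else {}
    for key, value in enc.items():
        if key.upper() not in KNOWN_CIPHERS:
            findings.append(f"[ENCRYPTION] {key}: not a documented identifier")
        elif value not in ("0", "1"):
            findings.append(f"[ENCRYPTION] {key}={value}: expected 0 or 1")
    hidden = {k.upper() for k, v in enc.items() if v == "0"}
    for cipher in sorted(MUST_HIDE - hidden):
        findings.append(f"[ENCRYPTION] {cipher} is not set to 0, so it stays selectable")
    glob = {k.lower(): v for k, v in parser["GLOBAL"].items()} if parser.has_section("GLOBAL") else {}
    rules_set = False
    for key in POLICY_KEYS:
        raw = glob.get(key.lower(), "0")  # omitted rules default to 0
        if not re.fullmatch(r"[0-9]+", raw):
            findings.append(f"[GLOBAL] {key}={raw}: not a non-negative integer")
        elif int(raw) > 0:
            rules_set = True
    if rules_set and not glob.get("passwordhelp", ""):
        findings.append("[GLOBAL] rules are set but PasswordHelp is missing")
    return findings
```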

Smartcard Settings

When using virtual smartcards residing on Flash disks and memory sticks,
you can override the default minimum password length enforced by SafeHouse
by including this setting in your custom CONFIG.INI file. This applies
only to virtual smartcards, not to traditional smartcards, because with
traditional smartcards the manufacturer provides you with the tools
to change your password.

In the example, the minimum allowed length for a smartcard password
is set to 10 characters.

Example CONFIG.INI Section:

[SMARTCARD]

PasswordMinLength=10

Volume Location Preferences

SafeHouse typically stores volumes in a single default folder to make
working with volumes just a little bit easier. Volumes can still reside
in other folders or even on other drives, but accessing them will require
that you point to them using a file chooser.

The VolumeDirectory option can be used to tell SafeHouse where your
default volume folder is located. This value will typically only be
meaningful for the very first volume a user creates since SafeHouse then
internally remembers the location of the last volume created or opened.
When not specified, SafeHouse will default to using C:\SafeHouse as the
default volume folder.

However, when this option is used in combination with the
ForceDefaultVolumeDirectory option (below), the value you specify for
VolumeDirectory becomes the starting folder to be shown for all SafeHouse
volume file pickers.

The ForceDefaultVolumeDirectory option can be used to instruct SafeHouse
to always start its file pickers in the default volume folder instead of
the folder you last used when picking a SafeHouse volume. When this option
is not specified, SafeHouse keeps track of the folders you've been using
to store your volumes and assumes that the next time you go to pick a
volume, the best starting point is the folder where the last volume you
used was located. In many cases, this is a pretty good guess; but since
we've had some requests to force a specific starting point, we've added
this special option to do just that.

Example CONFIG.INI Section:

[GLOBAL]

VolumeDirectory=C:\SafeHouse

ForceDefaultVolumeDirectory=1

Example Configuration File

This sample configuration file will cause the following behavior:

Volumes will be opened as removable media in Windows;
no recycle bin.

New volumes created will default to using 256-bit
AES as the encryption method.

New volumes will have enforced password lengths
between 8 and 32 characters.

All volume passwords must conform to the following
policy: must include 2 digits, one symbol and 2 uppercase letters.

Even in advanced mode, when creating new volumes,
the DES encryption method will not be presented as a possible choice.